<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Assign roles | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'get-started-roles.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/get-started-roles.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/get-started-roles.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/get-started-roles.html" rel="nofollow" target="_blank">../en/get-started-roles.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="security-getting-started.html">Tutorial: Getting started with security</a></span>
»
<span class="breadcrumb-node">Assign roles</span>
</div>
<div class="navheader">
<span class="prev">
<a href="get-started-users.html">« Create users</a>
</span>
<span class="next">
<a href="get-started-logstash-user.html">Add user information in Logstash »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="get-started-roles"></a>Assign roles<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/get-started-security.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>By default, all users can change their own passwords, get information about
themselves, and run the <code class="literal">authenticate</code> API. If you want them to do more than
that, you need to give them one or more <em>roles</em>.</p>
<p>Each role defines a specific set of actions (such as read, create, or delete)
that can be performed on specific secured resources (such as indices, aliases,
documents, fields, or clusters). To help you get up and running, there are
built-in roles.</p>
<p>Go to the <span class="strong strong"><strong>Management / Security / Roles</strong></span> page to see them:</p>
<div class="imageblock screenshot">
<div class="content">
<img src="../static/security/images/management-roles.jpg" alt="Role management screenshot in Kibana">
</div>
</div>
<p>Select a role to see more information about its privileges. For example, select
the <code class="literal">kibana_system</code> role to see its list of cluster and index privileges. To
learn more, see <a class="xref" href="security-privileges.html#privileges-list-indices" title="Indices privileges">Indices privileges</a>.</p>
<p>Let’s assign the <code class="literal">kibana_admin</code> role to your user. Go back to the
<span class="strong strong"><strong>Management / Security / Users</strong></span> page and select your user. Add the <code class="literal">kibana_admin</code>
role and save the change. For example:</p>
<div class="imageblock screenshot">
<div class="content">
<img src="../static/security/images/assign-role.jpg" alt="Assigning a role to a user in Kibana">
</div>
</div>
<p>This user now has administrative access to all features in Kibana.
For more information about granting access to Kibana see
<a href="https://www.elastic.co/guide/en/kibana/7.7/xpack-security-authorization.html" class="ulink" target="_top">Kibana authorization</a>.</p>
<p>If you completed all of the steps in
<a href="https://www.elastic.co/guide/en/elastic-stack-get-started/7.7/get-started-elastic-stack.html" class="ulink" target="_top">Getting started with the Elastic Stack</a>, you should
have Metricbeat data stored in Elasticsearch. Let’s create two roles that grant
different levels of access to that data.</p>
<p>Go to the <span class="strong strong"><strong>Management / Security / Roles</strong></span> page and click <span class="strong strong"><strong>Create role</strong></span>.</p>
<p>Create a <code class="literal">metricbeat_reader</code> role that has <code class="literal">read</code> and <code class="literal">view_index_metadata</code>
privileges on the <code class="literal">metricbeat-*</code> indices:</p>
<div class="imageblock screenshot">
<div class="content">
<img src="../static/security/images/create-reader-role.jpg" alt="Creating a role in Kibana">
</div>
</div>
<p>Create a <code class="literal">metricbeat_writer</code> role that has <code class="literal">manage_index_templates</code> and <code class="literal">monitor</code>
cluster privileges, as well as <code class="literal">write</code>, <code class="literal">delete</code>, and <code class="literal">create_index</code> privileges
on the <code class="literal">metricbeat-*</code> indices:</p>
<div class="imageblock screenshot">
<div class="content">
<img src="../static/security/images/create-writer-role.jpg" alt="Creating another role in Kibana">
</div>
</div>
<p>Now go back to the <span class="strong strong"><strong>Management / Security / Users</strong></span> page and assign these roles
to the appropriate users. Assign the <code class="literal">metricbeat_reader</code> role to your personal
user.  Assign the <code class="literal">metricbeat_writer</code> role to the <code class="literal">logstash_internal</code> user.</p>
<p>The list of users should now contain all of the built-in users as well as the
two you created. It should also show the appropriate roles for your users:</p>
<div class="imageblock screenshot">
<div class="content">
<img src="../static/security/images/management-users.jpg" alt="User management screenshot in Kibana">
</div>
</div>
<p>If you want to learn more about authorization and roles, see <a class="xref" href="authorization.html" title="User authorization"><em>User authorization</em></a>.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="get-started-users.html">« Create users</a>
</span>
<span class="next">
<a href="get-started-logstash-user.html">Add user information in Logstash »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>